Lab 6: Configuring ASA Virtual Firewalls

1. Lab Objective

Through this lab, learn how to configure ASA virtual firewalls.

2. Lab Tasks

- Configure the ASA virtual firewalls

- Verify the lab results

3. Lab Equipment

Two ASA 5505 firewalls, two Cisco 2950 switches, one console cable, several network cables, several PCs, and one copy of the Sniffer software.

4. Lab Topology and Content

Topology diagram:

Switch configuration:

en
vlan data
vlan 2
vlan 3
exi
conf t
! Access ports for the two inside VLANs
int f0/2
switchport access vlan 2
int f0/3
switchport access vlan 3
! 802.1Q trunk towards the firewall
int f0/10
switchport trunk encapsulation dot1q
switchport mode trunk
exi
exi

Firewall configuration

Check whether the firewall is in multiple context mode:

en
conf t
mode multiple

Reboot the firewall manually.

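en
conf t
! Enable the physical interfaces in the system execution space
int e0
no sh
int e1
no sh
exi
! One subinterface per inside VLAN on the trunk
int e1
inter e1.2
vlan 2
int e1.3
vlan 3
exi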

 

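! Context admin: inside on VLAN 2, outside on the shared e0
conte admin
allocate-interface e1.2 intf1
allocate-interface e0 intf0

! Context a: inside on VLAN 3, outside on the shared e0
conte a
config-url flash:/a.cfg
allocate-interface e1.3 intf1
allocate-interface e0 intf0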

changeto context admin
inter intf1
nameif inside
ip add 192.168.2.1 255.255.255.0
no sh
interface intf0
nameif outside
ip add 192.168.1.10 255.255.255.0
no sh
! Permit ICMP and Telnet inbound on the outside interface
access-list outside permit icmp any any
access-list outside permit tcp any any eq telnet
access-group outside in interface outside

 

changeto context a
inter intf1
nameif inside
ip add 192.168.3.1 255.255.255.0
no sh
interface intf0
nameif outside
ip add 192.168.1.11 255.255.255.0
no sh
! Permit ICMP and Telnet inbound on the outside interface
access-list outside permit icmp any any
access-list outside permit tcp any any eq telnet
access-group outside in interface outside

 

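changeto sys
! e0 is shared by both contexts; a unique MAC address per context interface lets the ASA classify incoming packets to the right context
mac-address auto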

 

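Configuration on the external router R2

hostname R2
int f0/0
ip address 192.168.1.1 255.255.255.0
no sh
exi
! Each inside subnet is reached through the outside address of its own context
ip route 192.168.2.0 255.255.255.0 192.168.1.10
ip route 192.168.3.0 255.255.255.0 192.168.1.11
end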

 

 

Configuration on PC1

! A router with IP routing disabled stands in for the PC
hostname PC
line vty 0 4
passw cisco
exi
no ip routing
int f0/0
ip address 192.168.2.3 255.255.255.0
no sh
exi
ip default-gateway 192.168.2.1
end

 

Configuration on PC2

hostname PC2
line vty 0 4
passw cisco
exi
no ip routing
int f0/0
ip address 192.168.3.3 255.255.255.0
no sh
exi
ip default-gateway 192.168.3.1
end
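
The outside ACLs in both contexts permit ICMP and Telnet from any source to any destination. A tighter variant scoped to this lab's addresses follows, as an added example that is not part of the original lab report. The ACL name outside_in is hypothetical, and the example assumes R2 (192.168.1.1) is the only outside host that needs to reach PC1 and PC2.

```cisco
! Added example, not from the original lab. The ACL name outside_in is hypothetical.
! Assumption: R2 (192.168.1.1) is the only outside host that must reach the PCs.

changeto context admin
! Unbind the permissive ACL from the outside interface
no access-group outside in interface outside
! R2 may ping and telnet to PC1 only
access-list outside_in extended permit icmp host 192.168.1.1 host 192.168.2.3 echo
access-list outside_in extended permit tcp host 192.168.1.1 host 192.168.2.3 eq telnet
! Replies to pings started from the inside subnet (ICMP is not inspected by default)
access-list outside_in extended permit icmp any 192.168.2.0 255.255.255.0 echo-reply
access-group outside_in in interface outside

changeto context a
no access-group outside in interface outside
! R2 may ping and telnet to PC2 only
access-list outside_in extended permit icmp host 192.168.1.1 host 192.168.3.3 echo
access-list outside_in extended permit tcp host 192.168.1.1 host 192.168.3.3 eq telnet
access-list outside_in extended permit icmp any 192.168.3.0 255.255.255.0 echo-reply
access-group outside_in in interface outside
```

Because each context keeps its own ACL, a rule in context admin has no effect on traffic classified to context a, so both contexts have to be tightened separately.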

5. Lab Summary

This lab showed how to set up virtual firewalls and VLANs; the lab requirements were basically met.